Prisma Cloud Known Issues

Review the list of known issues and deprecation notices on Prisma Cloud.
The following table lists the known issues on Prisma Cloud for the CSPM capabilities. For deprecation notices or upcoming changes, see Look Ahead - Planned Updates on Prisma Cloud. If you have also adopted the Compute and Microsegmentation capabilities, review the respective sections in the Release Notes.
ISSUE ID
DESCRIPTION
RLP-104295
Prisma Cloud has fully adopted Microsoft Authentication Library (MSAL) for monitoring Azure instances. However, in very rare cases, you might come across log entries for calls from Prisma Cloud to Active Directory Authentication Library (ADAL) endpoints. These entries can be disregarded. A fix will be implemented to resolve these erroneous entries.
RLP-90184
The behavior of filters on the Alerts Overview page is slightly different from that on the Asset Inventory and Asset Explorer pages. On the Alerts Overview page, when you select the Asset Class, Resource Type, and Service Name filters, the alerts displayed are a combination of those three selected filters. On the Asset Inventory and Asset Explorer pages, however, preference is given to Resource Type over Service Name when both of those filters are selected. As a result, the assets for which alerts are displayed on the Asset Inventory and Asset Explorer pages do not match those displayed on the Alerts Overview page.
RLP-78777
The AWS Global Accelerator service returns an Access Denied error with the message: assumed-role/PrismaCloudReadOnlyRole/redlock is not authorized to perform: iam:CreateServiceLinkedRole on resource. The issue occurs because the aws-global-accelerator-accelerator API requires you to enable the service-linked IAM role to ingest metadata. To resolve the error, add the role so that the required permissions are included.
Workaround: If you do not want to enable the service-linked role, create a support ticket with Palo Alto Networks Technical Support to disable the AWS Global Accelerator service API.
RLP-73807
In Unified Asset Inventory, Compute alerts are not displayed in the Resource Explorer audit trail.
RLP-72605
The alert counts that correspond to a policy are inaccurate when you select more than one alert rule name. This issue is seen on:
  • Alerts > Overview: when you select multiple Alert Rule Names in the filter, the number of alerts shown for a policy is not accurate. The Alert Rule Filter works as expected when you select only one Alert Rule Name.
  • The POST /alerts/policy API: make sure to include only one Alert Rule Name for the filters attribute in the request body schema.
RLP-75376
PCDS Azure only—If you have enabled public access from selected IP addresses on a storage account, with Prisma Cloud NAT IPs and Azure outbound IPs added to the allow list, ingestion fails with a 403 error (permission denied).
RLP-65612
PCDS Azure only—The Inventory page may display a 400 error if data is not available.
RLP-65602
PCDS Azure only—During onboarding when you enter the Client ID and Secret, if the Secret exceeds the specified length, a bad request error displays.
RLP-68751
In Unified Asset Inventory, only System Administrators can view the Compute assets and not other users. Compute alerts will not be accessible on Alerts pages for all users except System Administrators.
RLP-65286
When integrating Prisma Cloud with Jira, if the Jira issueType field uses a space as a separator between words, such as Service Request or New Feature, a 500 Internal Server error occurs while configuring Typeahead fields such as Reporter or Assignee in a Notification Template. You will be unable to create a Notification Template for Jira with the Typeahead fields.
Workaround: Rename the field to remove the space or add an underscore. For example, ServiceRequest or New_Feature. You can then add Typeahead fields in a Notification Template.
RLP-65216
If you have configured multiple flow logs for a VPC and if any of the flow logs are incorrectly configured, the flow log status on Prisma Cloud is reported as a warning (Amber). This status does not impact ingestion for all the correctly configured flow logs.
RLP-62558
The resource name displayed on the Alerts L2 page does not match the name displayed for the same resource on the Asset Explorer page.
RLP-60005
Prisma Cloud may not process some of the delete bucket events. As a result, buckets that you have deleted in the AWS console remain visible on the Prisma Cloud Inventory page.
RLP-55036
When changing the Maximum time before access keys expire value for access keys, it may take up to 15 minutes for the updates to take effect.
RLP-40248
When you create an alert rule and specify target resource tags, Prisma Cloud processes only a single resource tag key/value pair properly. Proper processing of multiple resource tags or resource tags with multiple values is not guaranteed. This behavior exists whether you create the alert rule through the Prisma Cloud console or through the CSPM API.
RLP-27427
Applies to Prisma Cloud Data Security only
Malware report is not available in PDF format.
RLP-25117
Applies to Prisma Cloud Data Security only
The Dashboard displays an error when you select an account group that does not contain any accounts.
RLP-19480
The Business Unit Report does not support multi-byte characters used in languages such as Japanese.
RLP-19470
The Business Unit Report CSV file lists all enabled policies even when there are no open alerts, because there are no resources to scan.
RLP-14469
When you enable Dataflow compression for a cloud account, the subnetwork creation status may display a failure message on the onboarding status page. This error displays because the time threshold to create the subnetwork and report completion exceeds the response time threshold on Prisma Cloud.
Workaround—Click to the previous page and click next to load the status page again.
RLP-13485
If you have the maximum number of VPCs (5) already created in the project and you then enable flowlog compression, the onboarding fails because Prisma Cloud is unable to add the network needed to enable Dataflow compression. When this happens, the remediation steps in the message that displays are incorrect.
RLP-9723
The integration status check for Jira displays as yellow instead of red even if the integration is misconfigured.
Dashboard widgets don’t load for a large data set where the time window is also large.
The aws-ecs-describe-task-definition and aws-emr-describe-cluster APIs now run once every 24 hours to generate alerts. If you have cloud accounts with a significant amount of ECS/EMR resources, the resource status is updated once a day.
The configuration build policies are displayed even if you have not enabled the Code Security module.
Currently, when you edit default policies in the Code Security module, the policy is duplicated with the updated metadata. Both the unedited policy and the edited policy are then visible on Projects when the Status - Suppressed (for the original policy) and Errors (for the edited policy) filters are enabled.
AWS CloudTrail in the Osaka region (ap-northeast-3) does not display on the Prisma Cloud administrative console.
This issue requires a fix on AWS. When fixed on AWS, the issue will be automatically resolved on Prisma Cloud.
